/ 
PAGI-0.001007
/ PAGI::Middleware::ReverseProxy

NAME

PAGI::Middleware::ReverseProxy - Handle X-Forwarded-* headers from reverse proxies

SYNOPSIS

use PAGI::Middleware::Builder;

my $app = builder {
    enable 'ReverseProxy',
        trusted_proxies => ['127.0.0.1', '10.0.0.0/8'];
    $my_app;
};

DESCRIPTION

PAGI::Middleware::ReverseProxy processes X-Forwarded-* headers from trusted reverse proxies and updates the scope with the original client information.

CONFIGURATION

  • trusted_proxies (default: ['127.0.0.1', '::1'])

    Arrayref of trusted proxy IP addresses or CIDR ranges.

  • trust_all (default: 0)

    If true, trust X-Forwarded headers from any source. Use with caution!

HEADERS PROCESSED

  • X-Forwarded-For - Original client IP

  • X-Forwarded-Proto - Original protocol (http/https)

  • X-Forwarded-Host - Original Host header

  • X-Forwarded-Port - Original port

  • X-Real-IP - Alternative to X-Forwarded-For (nginx)

SCOPE MODIFICATIONS

When headers are processed from a trusted proxy:

  • client - Updated to original client [IP, port]

  • original_client - The proxy's [IP, port]

  • scheme - Updated to 'https' if X-Forwarded-Proto indicates

  • headers - Host header updated if X-Forwarded-Host present

  • server - Port updated if X-Forwarded-Port present

SECURITY

Only trust X-Forwarded headers from known reverse proxies. Never enable trust_all in production unless you fully understand the security implications.

SEE ALSO

PAGI::Middleware - Base class for middleware

PAGI::Middleware::HTTPSRedirect - HTTPS redirect